--- In firstname.lastname@example.org
, russell_harrison <no_reply@...> wrote:
> --- In email@example.com, ancestral.atlas
> > Russell,
> > Thanks for your suggestion.
> > The automatic log out should only occur if you've been inactive on the web site for 20 minutes. It's designed to protect your work from others particularly if you've forgotten to log out.
> I understand its purpose, and greatly appreciate your dedication to the security of your users, but I find it overzealous to have timeouts shorter than financial institutions who are protecting my money. Especially, on a site intended to allow me to collaborate with others in my research. I don't include any information in my uploads that needs protecting. Everything that I've sent to the site is also available in other places with no authentication at all.
> > But we take your point and will look into relaxing the timeout period. A whole day does seem a little excessive though - does anyone have any other suggestions? Is an hour a better value or would more people prefer something else?
> An hour is still entirely too short of a time period in my view. I'd actually prefer that my login last as long as my browser session the same as most other social networking sites. I conduct my research in the brief periods of free time I have (as I'm sure most people do) which is often separated by hours of time doing other things for work or my family. Not being able to pick up where I left off eats into my productive time significantly.
> Besides, if I've been gone long enough for the timeout to take effect my screen saver has locked my machine down preventing people from seeing my browser anyway. If that isn't the case for other users then they have much bigger problems to worry about than their research on Ancestral Atlas.
As an update to this, we have now relaxed the timeout to 12 hours.
We hope this is long enough for most requirements.
- Ancestral Atlas